⚠ 1 unknown API key
sk-ant-...C001 is not in the org allowlist and has an active session.
3 API keys observed
Credential-Centered Topology
An API key map should show who is spending with it, where it is used, and whether it belongs there.
Useful per key: org ownership, allowlist status, sessions, users, endpoints, models, and the anomalies that turn a credential from routine infrastructure into an incident.
Identity, adjacency, activity, and posture around one representative item.
Observed With
The main attribution questions.
unknown user · identity unresolved
10.0.1.44 · unknown endpoint
Claude Code v1.2.0 · agent
Usage Context
The runtime context of the key.
claude-sonnet-4-6 · model
1 active session · in progress
22m duration · current run
API Key
sk-ant-...C001
Unknown credential currently active from an unresolved endpoint.
1 session · $0.61 · 22 min ago
Known Comparables
How this key differs from normal org credentials.
sk-ant-...A3F2 · known dev key
sk-ant-...7B91 · known CI key
qpoint allowlist · missing entry
Response Path
What the visualization should invite next.
security rule fired · unknown API key
review session detail · trace activity
rotate or revoke · credential action
Organization: unknown
Allowlist status: not registered
Current user: unknown (10.0.1.44)
Model in use: claude-sonnet-4-6
| Key prefix | Organization | Sessions | Total cost | Status | Last seen |
|---|---|---|---|---|---|
| sk-ant-...A3F2 | qpoint-dev | 33 | $47.20 | known | today |
| sk-ant-...7B91 | qpoint-ci | 11 | $0.82 | known | today |
| sk-ant-...C001 | unknown | 1 | $0.61 | unknown | 22 min ago |